Medical Practices Brace for 2016 Desk Audits

Medical Practices Brace for 2016 Desk Audits

“For doctors in a small to medium-sized practice, patient care takes first priority, and these challenges are making it harder for practices to thrive,” explains Kevin Wade, President and CEO of IntelliSystems, a local IT company that provides risk assessments for practices to help them work toward HIPAA compliance and prepare for potential audits. “We have not had any local instances of desk audits yet, but through special tools that we provide, it gives the practices that we have worked with and have done risk assessments for a peace of mind that they are protected in case of an audit.”

Beginning in January of 2016, the Office for Civil Rights (OCR) will begin Phase 2 of their audit program including desk audits. The audit mandate, an extension of the Health Information Technology for Economic and Clinical Health (HITECH) Act, means that any provider subject to Health Insurance Portability and Accountability Act (HIPAA) standards is also subject to a potential audit of their privacy, security, and breach notification statuses.

According to, “The HITECH Act mandates that OCR conduct periodic audits to assess entity compliance with HIPAA. OCR plans to conduct comprehensive and desk audits of covered entities and business associates. Audits are a proactive approach to evaluating and ensuring HIPAA privacy and security compliance.” These audits will affect both practices and business associates that work with them such as their IT companies, shredding and copier companies, and anyone who could potentially come in contact with Protected Health Information (PHI). They should both obtain a copy of the audit protocol to use in their own internal audits from

HIPAA compliance is not just about breaches. A smart backup and disaster recovery plan, having a risk assessment performed, and ensuring your data is secure are all integral in protecting the three hallmarks of compliance: the security, integrity, and availability of electronic protected health information (ePHI). Now is the time to prepare for a potential audit.

IntelliSystems will be holding a free HIPAA compliance and security seminar on February 18, 2016 at the Columbia Chamber of Commerce. This program is entitled, “What every practice manager and doctor must have in place now to run a compliant, profitable, and secure practice” and will also include presenters from HIPAA Help Center, a compliance management software. For more information and to sign up for the lunch or afternoon sessions of this seminar, visit

About Kevin Wade:

Kevin Wade is the President and CEO of IntelliSystems, which has been in operation since 1993, and has offices in Columbia, Aiken, and Augusta. He has over twenty-five years of experience advising business clients on the most productive deployment of their computer and telephone technology and regularly speaks to organizations and trade groups on technology subjects affecting business owners, managers, and employees. Kevin is a Certified HIPAA Security Professional (CHSP) through 4MedPro and is a member of the Columbia chapter of the South Carolina Medical Managers Association (SCMGMA). He has spoken to various medical organizations in the Midlands area about IT best practices---the SCMGMA, Capital Coders, Columbia’s local chapter of the American Academy of Professional Coders (AAPC)---and had the honor of being named the Augusta Chamber of Commerce’s 2012 Entrepreneur of the Year.

About IntelliSystems:

Founded in 1993, IntelliSystems is “The Small Business IT Department”, with offices in Augusta, Aiken, and Columbia. Featuring a "60 minutes or less" response time for most technology problems, they use a proactive approach to leverage a variety of tools to manage client IT systems, resulting in less “fixing” of recurring problems that rob organizations of employee productivity. Specializing in business IT services, telecommunication systems, cabling and wireless contracting, cloud services, and backup and disaster recovery management, IntelliSystems strives to be a one-call resource for IT, Internet, and telephone communications in both the CSRA and the Midlands. For more information, visit